Somewhere there was a further discussion with Stephan_R about fragmented
packets, but I can't find it. IIRC, leaving the Deny All Incoming
Fragmented Packets option unchecked does not mean you are allowing
all fragmented packets. There are instances of legitimate packet
fragmentation, but I don't have the technical skills to explain it.
In some cases of legitimate packet fragmentation, CHX3 recognizes
that by other means I believe, perhaps in its implementation of SPI.
Someone like Stem might be able to explain it, but not me. Checking
the Deny option simply rejects all fragmentation.

There was a sample ruleset, very simple, just a couple of rules. All of it, including CHX-I, is long gone now, the site is no longer. I don't even know where you can find or download any of it now either...... It was a great firewall, but pretty much history now unless you can grab a copy somewhere.

Edit: Sorry, just saw the posts in the other CHX thread. You really should just post once and not in 3 or more threads asking the same question. Others have posted links to CHX and everything available. It's pretty much a learn by doing thing. You might Google for any further CHX tutorial type material also.